User Information Capability

Introduction

All the user information on mini program platform requires user's authorization. Based on the international standard OAuth2.0 authorization mechanism, mini program developers can get user authorization to obtain user information.

However, developers must fully respect the privacy of users and properly use the user authorization. If the information is found to be used beyond the agreed scope or out of unreasonable usage, the platform has the right to permanently withdraw the interface authority of mini program.

Prerequisite

  • This capability is open to merchants who have become business partners of wallets.
  • Make sure that the integration and configuration have been completed and the mini program has been published.

Interaction Process

Silence Mode

The silence mode is used to get sensitive user information, which requires the wallet (tenant) permission.

MP best practice for payment.jpg

The interaction flow of the silent mode consists of the following steps:

  1. The user opens the wallet app and is redirected to the merchant mini program.
  2. The merchant mini program calls the getAuthCode JSAPI to request authCode from the wallet app.
  3. The wallet app returns authCode to the merchant mini program, which sends authCode to the ISV/merchant backend server.
  4. With the obtained authCode in step 3, the ISV/merchant server calls the /{version}/oauths/applyToken OpenAPI to request accessToken and uid from the wallet server.

Tip: The version is the version of Open APIs, for example, v1 or v2

  1. The wallet server returns accessToken and uid to the ISV/merchant server.

Notes:

  • authCode is used to exchange for accessToken. Every time the user authorization is completed, authCode in the JSAPI response is different. authCode can only be used for one time and is automatically expired within one day.
  • After the ISV/merchant obtains accessToken and uid:
  • The ISV/merchant can use accessToken to call other OpenAPIs. For example, call the inquiryUserInfoByAccessToken OpenAPI to query the user information.
  • The ISV/merchant can generate a session that maps to accessToken and uid, then set session expiration time and store the mapping. The session will be stored in the mini program framework.

User Consent Mode

The user consent mode is used to get public user information without further permission from wallets (tenants).

MP best practice for payment2.jpg

Get User Open Info

When the merchant mini program intends to get some public information of users, such as name and avatar, use the User Consent Mode with the getOpenUserInfo JSAPI. The user needs to sign the agreement and clicks the Accept button. This function is used to display some personal data of the user in the mini program.

Get Auth Code

When the merchant mini program intends to get authCode that is for further usage, call the getAuthCode JSAPI by specifying the scope field.

API List

JSAPI

Description

my.getOpenUserInfo

Get user open info like avatar, nickname, etc.

my.getAuthCode

Get user's authentication code.

OpenAPI

Description

/{version}/authorizations/{apiName} 

Tip: The version is the version of Open APIs, for example, v1 or v2

For details, see the Open APIs for Merchants chapter.

/{version}/users/inquiryUserInfo

More Information

Capabilities

JSAPIs

Open APIs

Developing Mini Program

Using Mini Program Platform

Features